
Symantec Report Highlights Fresh Online Assaults Masquerading as BBB

Symantec Corp. has just published its Symantec Intelligence Report for February 2012, according to which a fresh surge in cyber-assaults is masquerading as the renowned United States agency BBB, the Better Business Bureau.

The assaults apparently involve e-mails that target organizations by posing as messages from the Better Business Bureau. These socially engineered messages claim that some party has lodged a complaint against the enterprise and that the details are given in a file attached to the e-mail. The attachment, however, is a PDF document that contains either an embedded .exe file or a URL pointing to malware.

Symantec's Cyber Security Intelligence Manager Paul Wood states that the current assaults bring to mind similar incidents from 2007, which had not been seen before that time. Back then, fake e-mails posing as communications from the U.S. BBB targeted C-level business executives. The current surge uses the same type of social engineering methods, but the overall attack technique is significantly more advanced because it involves server-side polymorphism, Wood explains. Marketwatch.com published this on February 29, 2012.

Alongside the cyber-assault impersonating the BBB, Symantec's report also describes how spammers are exploiting the tragic death of celebrated pop singer Whitney Houston to spread malware through malicious e-mails. Reportedly, the spam mails offer a movie file of the star's performance in Los Angeles, her last appearance in public, and pull down a malicious .exe file that Symantec's anti-virus identifies as WS.Reputation.1 and that is hosted on a hijacked Japanese Internet site. The e-mail, sent from an Ireland ID, is aimed at Portuguese-speaking people, the new study suggests.

Finally, the report also mentions a peer-to-peer (P2P) upgrade of the SpyEye/ZeuS bot. This fresh version uses solely P2P communication, so the botnet remains active while information is still gathered. Moreover, the upgrade suggests that the command-and-control system no longer exists for that function. Whereas control e-mails were earlier sent to and received from the command-and-control server, they now appear to be handled by the P2P file-sharing network of PCs, the study states at the end.